From 97d821c45de7218a1ecdd7e20f653726c8fef751 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Thu, 7 Dec 2023 13:15:16 +0900 Subject: [PATCH 1/8] using tls v2.0 --- Network/QUIC/Types/Error.hs | 4 +--- Network/QUIC/Types/Packet.hs | 8 ++++---- quic.cabal | 2 +- test/TransportError.hs | 4 ++-- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/Network/QUIC/Types/Error.hs b/Network/QUIC/Types/Error.hs index 53feda0e..78ea36ab 100644 --- a/Network/QUIC/Types/Error.hs +++ b/Network/QUIC/Types/Error.hs @@ -84,9 +84,7 @@ instance Show TransportError where show (TransportError 0x10) = "NoViablePath" show (TransportError 0x11) = "VersionNegotiationError" show (TransportError x) - | 0x100 <= x && x <= 0x01ff = case toAlertDescription $ fromIntegral (x - 0x100) of - Just e -> "TLS " ++ show e - Nothing -> "TLS Alert " ++ show x + | 0x100 <= x && x <= 0x01ff = "TLS" ++ show (toAlertDescription $ fromIntegral (x - 0x100)) | otherwise = "TransportError " ++ printf "%x" x {- FOURMOLU_ENABLE -} diff --git a/Network/QUIC/Types/Packet.hs b/Network/QUIC/Types/Packet.hs index 69ad6e91..563a060b 100644 --- a/Network/QUIC/Types/Packet.hs +++ b/Network/QUIC/Types/Packet.hs @@ -4,7 +4,7 @@ module Network.QUIC.Types.Packet where import Data.Ix -import Network.TLS.QUIC (ExtensionID, extensionID_QuicTransportParameters) +import Network.TLS.QUIC (ExtensionID(ExtensionID, EID_QuicTransportParameters)) import Network.UDP import Text.Printf @@ -60,9 +60,9 @@ brokenVersionInfo = VersionInfo Negotiation [] ---------------------------------------------------------------- extensionIDForTtransportParameter :: Version -> ExtensionID -extensionIDForTtransportParameter Version1 = extensionID_QuicTransportParameters -extensionIDForTtransportParameter Version2 = extensionID_QuicTransportParameters -extensionIDForTtransportParameter _ = 0xffa5 +extensionIDForTtransportParameter Version1 = EID_QuicTransportParameters +extensionIDForTtransportParameter Version2 = EID_QuicTransportParameters +extensionIDForTtransportParameter _ = ExtensionID 0xffa5 ---------------------------------------------------------------- diff --git a/quic.cabal b/quic.cabal index 04244b7c..5e7ff94e 100644 --- a/quic.cabal +++ b/quic.cabal @@ -146,7 +146,7 @@ library network-control >= 0.0.2 && < 0.1, network-udp >= 0.0.0 && < 0.1, random >= 1.2.1 && < 1.3, - tls >= 1.9.0 && < 1.10, + tls >= 2.0 && < 2.1, unliftio >= 0.2 && < 0.3, unliftio-core >= 0.2 && < 0.3 diff --git a/test/TransportError.hs b/test/TransportError.hs index 8bdbfc56..6e0ceffa 100644 --- a/test/TransportError.hs +++ b/test/TransportError.hs @@ -8,7 +8,7 @@ import Control.Monad import Data.ByteString () import qualified Data.ByteString as BS import qualified Network.TLS as TLS -import Network.TLS.QUIC (ExtensionRaw (..)) +import Network.TLS.QUIC (ExtensionRaw (..), ExtensionID (..)) import Test.Hspec import UnliftIO.Concurrent import UnliftIO.Timeout @@ -194,7 +194,7 @@ transportErrorSpec cc0 ms = do it "MUST send missing_extension TLS alert if the quic_transport_parameters extension does not included [TLS 8.2]" $ \_ -> do - let f [ExtensionRaw _ v] = [ExtensionRaw 0xffa5 v] + let f [ExtensionRaw _ v] = [ExtensionRaw (ExtensionID 0xffa5) v] f _ = error "f" cc = addHook cc0 $ setOnTLSExtensionCreated f runCnoOp cc ms `shouldThrow` cryptoErrorsIn [TLS.MissingExtension] From 9c610191267997ac83b342a89743197501f9c5bd Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Mon, 18 Dec 2023 20:05:04 +0900 Subject: [PATCH 2/8] using the new API --- Network/QUIC/Connection/Role.hs | 1 + Network/QUIC/TLS.hs | 1 + Network/QUIC/Types/Resumption.hs | 2 +- test/Config.hs | 3 ++- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Network/QUIC/Connection/Role.hs b/Network/QUIC/Connection/Role.hs index da7e1251..8d640cc9 100644 --- a/Network/QUIC/Connection/Role.hs +++ b/Network/QUIC/Connection/Role.hs @@ -92,6 +92,7 @@ setResumptionSession conn@Connection{..} si sd = do , resumptionSession = Just (si, sd) } } + return Nothing setNewToken :: Connection -> Token -> IO () setNewToken conn@Connection{..} token = do diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs index 468a5c47..a87296d4 100644 --- a/Network/QUIC/TLS.hs +++ b/Network/QUIC/TLS.hs @@ -23,6 +23,7 @@ sessionManager establish = , sessionResume = \_ -> return Nothing , sessionResumeOnlyOnce = \_ -> return Nothing , sessionInvalidate = \_ -> return () + , sessionUseTicket = False } clientHandshaker diff --git a/Network/QUIC/Types/Resumption.hs b/Network/QUIC/Types/Resumption.hs index 5a100b4a..8a57d492 100644 --- a/Network/QUIC/Types/Resumption.hs +++ b/Network/QUIC/Types/Resumption.hs @@ -9,7 +9,7 @@ import Network.QUIC.Imports import Network.QUIC.Types.Frame import Network.QUIC.Types.Packet -type SessionEstablish = SessionID -> SessionData -> IO () +type SessionEstablish = SessionID -> SessionData -> IO (Maybe Ticket) -- | Information about resumption data ResumptionInfo = ResumptionInfo diff --git a/test/Config.hs b/test/Config.hs index 3f04f4da..d9c7ed47 100644 --- a/test/Config.hs +++ b/test/Config.hs @@ -176,9 +176,10 @@ sessionManager ref = , sessionResume = resume , sessionResumeOnlyOnce = resume , sessionInvalidate = \_ -> return () + , sessionUseTicket = False } where - establish sid sdata = writeIORef ref $ Just (sid, sdata) + establish sid sdata = writeIORef ref (Just (sid, sdata)) >> return Nothing resume sid = do mx <- readIORef ref case mx of From 582895fd679e8e7954c1407719ea971ce3e18c36 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Thu, 1 Feb 2024 17:03:52 +0900 Subject: [PATCH 3/8] catching up new API --- Network/QUIC/Handshake.hs | 4 ++-- Network/QUIC/TLS.hs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Network/QUIC/Handshake.hs b/Network/QUIC/Handshake.hs index 1cc14490..6889c175 100644 --- a/Network/QUIC/Handshake.hs +++ b/Network/QUIC/Handshake.hs @@ -53,7 +53,7 @@ recvTLS :: Connection -> IORef HndState -> CryptLevel -> IO (Either TLS.TLSError recvTLS conn hsr level = case level of CryptInitial -> go InitialLevel - CryptMasterSecret -> failure "QUIC does not receive data < TLS 1.3" + CryptMainSecret -> failure "QUIC does not receive data < TLS 1.3" CryptEarlySecret -> failure "QUIC does not send early data with TLS library" CryptHandshakeSecret -> go HandshakeLevel CryptApplicationSecret -> go RTT1Level @@ -80,7 +80,7 @@ sendTLS conn hsr x = do sendCompleted hsr where convertLevel (CryptInitial, bs) = return (InitialLevel, bs) - convertLevel (CryptMasterSecret, _) = errorTLS "QUIC does not send data < TLS 1.3" + convertLevel (CryptMainSecret, _) = errorTLS "QUIC does not send data < TLS 1.3" convertLevel (CryptEarlySecret, _) = errorTLS "QUIC does not receive early data with TLS library" convertLevel (CryptHandshakeSecret, bs) = return (HandshakeLevel, bs) convertLevel (CryptApplicationSecret, bs) = return (RTT1Level, bs) diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs index a87296d4..e0d8e745 100644 --- a/Network/QUIC/TLS.hs +++ b/Network/QUIC/TLS.hs @@ -45,7 +45,7 @@ clientHandshaker callbacks ClientConfig{..} ver myAuthCIDs establish use0RTT = d , clientSupported = supported , clientDebug = debug , clientWantSessionResume = resumptionSession ccResumption - , clientEarlyData = if use0RTT then Just "" else Nothing + , clientEarlyData = use0RTT } convTP = onTransportParametersCreated ccHooks params = convTP $ setCIDsToParameters myAuthCIDs ccParameters From dd14226344ea592d36d954335033bd74dc6d0521 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Sat, 3 Feb 2024 09:22:14 +0900 Subject: [PATCH 4/8] using serialise --- Network/QUIC/Packet/Token.hs | 81 ++++++++++-------------------------- Network/QUIC/Types/CID.hs | 5 ++- Network/QUIC/Types/Packet.hs | 6 ++- quic.cabal | 1 + 4 files changed, 31 insertions(+), 62 deletions(-) diff --git a/Network/QUIC/Packet/Token.hs b/Network/QUIC/Packet/Token.hs index 99285646..e879b96c 100644 --- a/Network/QUIC/Packet/Token.hs +++ b/Network/QUIC/Packet/Token.hs @@ -1,3 +1,6 @@ +{-# LANGUAGE DeriveGeneric #-} +{-# OPTIONS_GHC -Wno-orphans #-} + module Network.QUIC.Packet.Token ( CryptoToken (..), isRetryToken, @@ -7,11 +10,11 @@ module Network.QUIC.Packet.Token ( decryptToken, ) where -import qualified UnliftIO.Exception as E +import Codec.Serialise import qualified Crypto.Token as CT +import qualified Data.ByteString.Lazy as BL import Data.UnixTime -import Foreign.C.Types -import Network.ByteOrder +import GHC.Generics import Network.QUIC.Imports import Network.QUIC.Types @@ -23,6 +26,12 @@ data CryptoToken = CryptoToken , tokenCreatedTime :: TimeMicrosecond , tokenCIDs :: Maybe (CID, CID, CID) -- local, remote, orig local } + deriving (Generic) + +instance Serialise UnixTime +instance Serialise Version +instance Serialise CID +instance Serialise CryptoToken isRetryToken :: CryptoToken -> Bool isRetryToken token = isJust $ tokenCIDs token @@ -42,64 +51,18 @@ generateRetryToken ver l r o = do ---------------------------------------------------------------- encryptToken :: CT.TokenManager -> CryptoToken -> IO Token -encryptToken mgr ct = encodeCryptoToken ct >>= CT.encryptToken mgr +encryptToken mgr ct = CT.encryptToken mgr (encodeCryptoToken ct) decryptToken :: CT.TokenManager -> Token -> IO (Maybe CryptoToken) -decryptToken mgr token = do - mx <- CT.decryptToken mgr token - case mx of - Nothing -> return Nothing - Just x -> decodeCryptoToken x +decryptToken mgr token = + (>>= decodeCryptoToken) <$> CT.decryptToken mgr token ---------------------------------------------------------------- -cryptoTokenSize :: Int -cryptoTokenSize = 76 -- 4 + 8 + 1 + (1 + 20) * 3 - -encodeCryptoToken :: CryptoToken -> IO Token -encodeCryptoToken (CryptoToken (Version ver) tim mcids) = - withWriteBuffer cryptoTokenSize $ \wbuf -> do - write32 wbuf ver - let CTime s = utSeconds tim - write64 wbuf $ fromIntegral s - case mcids of - Nothing -> write8 wbuf 0 - Just (l, r, o) -> do - write8 wbuf 1 - bury wbuf l - bury wbuf r - bury wbuf o - where - bury wbuf x = do - let (xcid, xlen) = unpackCID x - write8 wbuf xlen - copyShortByteString wbuf xcid - ff wbuf (20 - fromIntegral xlen) - -decodeCryptoToken :: Token -> IO (Maybe CryptoToken) -decodeCryptoToken token = do - ex <- E.try $ decodeCryptoToken' token - case ex of - Left (E.SomeException _) -> return Nothing - Right x -> return $ Just x - -decodeCryptoToken' :: ByteString -> IO CryptoToken -decodeCryptoToken' token = withReadBuffer token $ \rbuf -> do - ver <- Version <$> read32 rbuf - s <- CTime . fromIntegral <$> read64 rbuf - let tim = UnixTime s 0 - typ <- read8 rbuf - case typ of - 0 -> return $ CryptoToken ver tim Nothing - _ -> do - l <- pick rbuf - r <- pick rbuf - o <- pick rbuf - return $ CryptoToken ver tim $ Just (l, r, o) - where - pick rbuf = do - xlen0 <- fromIntegral <$> read8 rbuf - let xlen = min xlen0 20 - x <- makeCID <$> extractShortByteString rbuf xlen - ff rbuf (20 - xlen) - return x +encodeCryptoToken :: CryptoToken -> Token +encodeCryptoToken = BL.toStrict . serialise + +decodeCryptoToken :: Token -> Maybe CryptoToken +decodeCryptoToken token = case deserialiseOrFail (BL.fromStrict token) of + Left DeserialiseFailure{} -> Nothing + Right x -> Just x diff --git a/Network/QUIC/Types/CID.hs b/Network/QUIC/Types/CID.hs index 307d4417..ddca69c8 100644 --- a/Network/QUIC/Types/CID.hs +++ b/Network/QUIC/Types/CID.hs @@ -1,3 +1,5 @@ +{-# LANGUAGE DeriveGeneric #-} + module Network.QUIC.Types.CID ( CID (..), myCIDLength, @@ -15,13 +17,14 @@ module Network.QUIC.Types.CID ( import qualified Data.ByteString.Short as Short +import GHC.Generics import Network.QUIC.Imports myCIDLength :: Int myCIDLength = 8 -- | A type for conneciton ID. -newtype CID = CID Bytes deriving (Eq, Ord) +newtype CID = CID Bytes deriving (Eq, Ord, Generic) instance Show CID where show (CID cid) = shortToString (enc16s cid) diff --git a/Network/QUIC/Types/Packet.hs b/Network/QUIC/Types/Packet.hs index 563a060b..c5108e2c 100644 --- a/Network/QUIC/Types/Packet.hs +++ b/Network/QUIC/Types/Packet.hs @@ -1,10 +1,12 @@ +{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE PatternSynonyms #-} module Network.QUIC.Types.Packet where import Data.Ix -import Network.TLS.QUIC (ExtensionID(ExtensionID, EID_QuicTransportParameters)) +import GHC.Generics +import Network.TLS.QUIC (ExtensionID (EID_QuicTransportParameters, ExtensionID)) import Network.UDP import Text.Printf @@ -17,7 +19,7 @@ import Network.QUIC.Types.Time ---------------------------------------------------------------- -- | QUIC version. -newtype Version = Version Word32 deriving (Eq, Ord) +newtype Version = Version Word32 deriving (Eq, Ord, Generic) {- FOURMOLU_DISABLE -} pattern Negotiation :: Version diff --git a/quic.cabal b/quic.cabal index 5e7ff94e..7a40a413 100644 --- a/quic.cabal +++ b/quic.cabal @@ -146,6 +146,7 @@ library network-control >= 0.0.2 && < 0.1, network-udp >= 0.0.0 && < 0.1, random >= 1.2.1 && < 1.3, + serialise, tls >= 2.0 && < 2.1, unliftio >= 0.2 && < 0.3, unliftio-core >= 0.2 && < 0.3 From c9b3b09527b2890acfd545b624ed396b7868af94 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Wed, 7 Feb 2024 10:22:36 +0900 Subject: [PATCH 5/8] using clientUseEarlyData --- Network/QUIC/TLS.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs index e0d8e745..bb6fab2f 100644 --- a/Network/QUIC/TLS.hs +++ b/Network/QUIC/TLS.hs @@ -45,7 +45,7 @@ clientHandshaker callbacks ClientConfig{..} ver myAuthCIDs establish use0RTT = d , clientSupported = supported , clientDebug = debug , clientWantSessionResume = resumptionSession ccResumption - , clientEarlyData = use0RTT + , clientUseEarlyData = use0RTT } convTP = onTransportParametersCreated ccHooks params = convTP $ setCIDsToParameters myAuthCIDs ccParameters From d2dccb1da5129aa636512a7e1c926d11459df8e8 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Wed, 7 Feb 2024 10:29:56 +0900 Subject: [PATCH 6/8] boundary --- quic.cabal | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quic.cabal b/quic.cabal index 7a40a413..c8a99ed4 100644 --- a/quic.cabal +++ b/quic.cabal @@ -130,7 +130,7 @@ library base16-bytestring >= 1.0 && < 1.1, bytestring >= 0.10 && < 0.13, containers >= 0.6 && < 0.7, - crypto-token >= 0.1 && < 0.2, + crypto-token >= 0.1.1 && < 0.2, crypton >= 0.34 && < 0.35, memory >= 0.18.0 && < 0.19, crypton-x509 >= 1.7.6 && < 1.8, From 7b41a2db2410e5ea0a4a81bad22b2a631ea8ffe1 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Wed, 7 Feb 2024 15:43:13 +0900 Subject: [PATCH 7/8] defining scTicketLifetime --- Network/QUIC/Config.hs | 3 +++ Network/QUIC/Packet/Token.hs | 13 +++++++------ Network/QUIC/Server/Reader.hs | 21 ++++++++++++--------- Network/QUIC/Server/Run.hs | 11 ++++++----- Network/QUIC/TLS.hs | 1 + 5 files changed, 29 insertions(+), 20 deletions(-) diff --git a/Network/QUIC/Config.hs b/Network/QUIC/Config.hs index f8874229..860115c7 100644 --- a/Network/QUIC/Config.hs +++ b/Network/QUIC/Config.hs @@ -133,6 +133,8 @@ data ServerConfig = ServerConfig , scSessionManager :: SessionManager -- ^ A session manager of TLS 1.3. , scDebugLog :: Maybe FilePath + , scTicketLifetime :: Int + -- ^ A lifetime (in seconds) for TLS session ticket and QUIC token. } -- | The default value for server configuration. @@ -155,4 +157,5 @@ defaultServerConfig = , scRequireRetry = False , scSessionManager = noSessionManager , scDebugLog = Nothing + , scTicketLifetime = 7200 } diff --git a/Network/QUIC/Packet/Token.hs b/Network/QUIC/Packet/Token.hs index e879b96c..36339c59 100644 --- a/Network/QUIC/Packet/Token.hs +++ b/Network/QUIC/Packet/Token.hs @@ -23,6 +23,7 @@ import Network.QUIC.Types data CryptoToken = CryptoToken { tokenQUICVersion :: Version + , tokenLifeTime :: Word32 , tokenCreatedTime :: TimeMicrosecond , tokenCIDs :: Maybe (CID, CID, CID) -- local, remote, orig local } @@ -38,15 +39,15 @@ isRetryToken token = isJust $ tokenCIDs token ---------------------------------------------------------------- -generateToken :: Version -> IO CryptoToken -generateToken ver = do +generateToken :: Version -> Int -> IO CryptoToken +generateToken ver life = do t <- getTimeMicrosecond - return $ CryptoToken ver t Nothing + return $ CryptoToken ver (fromIntegral life) t Nothing -generateRetryToken :: Version -> CID -> CID -> CID -> IO CryptoToken -generateRetryToken ver l r o = do +generateRetryToken :: Version -> Int -> CID -> CID -> CID -> IO CryptoToken +generateRetryToken ver life l r o = do t <- getTimeMicrosecond - return $ CryptoToken ver t $ Just (l, r, o) + return $ CryptoToken ver (fromIntegral life) t $ Just (l, r, o) ---------------------------------------------------------------- diff --git a/Network/QUIC/Server/Reader.hs b/Network/QUIC/Server/Reader.hs index 43e7120f..3c1d103c 100644 --- a/Network/QUIC/Server/Reader.hs +++ b/Network/QUIC/Server/Reader.hs @@ -59,11 +59,14 @@ data Dispatch = Dispatch { , acceptQ :: AcceptQ } -newDispatch :: IO Dispatch -newDispatch = Dispatch <$> CT.spawnTokenManager CT.defaultConfig - <*> newIORef emptyConnectionDict - <*> newIORef emptyRecvQDict - <*> newAcceptQ +newDispatch :: ServerConfig -> IO Dispatch +newDispatch ServerConfig{..} = + Dispatch <$> CT.spawnTokenManager conf + <*> newIORef emptyConnectionDict + <*> newIORef emptyRecvQDict + <*> newAcceptQ + where + conf = CT.defaultConfig { CT.tokenLifetime = scTicketLifetime } clearDispatch :: Dispatch -> IO () clearDispatch d = CT.killTokenManager $ tokenMgr d @@ -285,7 +288,7 @@ dispatch Dispatch{..} ServerConfig{..} logAction -- initial_source_connection_id = S3 (dCID) S2 in our server -- original_destination_connection_id = S1 (o) -- retry_source_connection_id = S2 (dCID) - pushToAcceptRetried (CryptoToken _ _ (Just (_,_,o))) = do + pushToAcceptRetried (CryptoToken _ _ _ (Just (_,_,o))) = do let myAuthCIDs = defaultAuthCIDs { initSrcCID = Just dCID , origDstCID = Just o @@ -296,9 +299,9 @@ dispatch Dispatch{..} ServerConfig{..} logAction } pushToAcceptQ myAuthCIDs peerAuthCIDs o True pushToAcceptRetried _ = return () - isRetryTokenValid (CryptoToken _tver etim (Just (l,r,_))) = do + isRetryTokenValid (CryptoToken _tver life etim (Just (l,r,_))) = do diff <- getElapsedTimeMicrosecond etim - return $ diff <= Microseconds 30000000 -- fixme + return $ diff <= Microseconds (fromIntegral life * 1000000) && dCID == l && sCID == r #if !defined(mingw32_HOST_OS) @@ -309,7 +312,7 @@ dispatch Dispatch{..} ServerConfig{..} logAction isRetryTokenValid _ = return False sendRetry = do newdCID <- newCID - retryToken <- generateRetryToken peerVer newdCID sCID dCID + retryToken <- generateRetryToken peerVer scTicketLifetime newdCID sCID dCID mnewtoken <- timeout (Microseconds 100000) "sendRetry" $ encryptToken tokenMgr retryToken case mnewtoken of Nothing -> logAction "retry token stacked" diff --git a/Network/QUIC/Server/Run.hs b/Network/QUIC/Server/Run.hs index d0da328f..5a106123 100644 --- a/Network/QUIC/Server/Run.hs +++ b/Network/QUIC/Server/Run.hs @@ -53,7 +53,7 @@ run conf server = NS.withSocketsDo $ handleLogUnit debugLog $ do debugLog msg | doDebug = stdoutLogger ("run: " <> msg) | otherwise = return () setup = do - dispatch <- newDispatch + dispatch <- newDispatch conf -- fixme: the case where sockets cannot be created. ssas <- mapM UDP.serverSocket $ scAddresses conf tids <- mapM (runDispatcher dispatch conf) ssas @@ -79,7 +79,7 @@ runServer conf server0 dispatch baseThreadId acc = handshaker <- handshakeServer conf' conn myAuthCIDs let server = do wait1RTTReady conn - afterHandshakeServer conn + afterHandshakeServer conf conn server0 conn ldcc = connLDCC conn supporters = foldr1 concurrently_ [handshaker @@ -160,14 +160,15 @@ createServerConnection conf@ServerConfig{..} dispatch Accept{..} baseThreadId = return $ ConnRes conn accMyAuthCIDs reader #endif -afterHandshakeServer :: Connection -> IO () -afterHandshakeServer conn = handleLogT logAction $ do +afterHandshakeServer :: ServerConfig -> Connection -> IO () +afterHandshakeServer ServerConfig{..} conn = handleLogT logAction $ do -- cidInfo <- getNewMyCID conn register <- getRegister conn register (cidInfoCID cidInfo) conn -- - cryptoToken <- generateToken =<< getVersion conn + ver <- getVersion conn + cryptoToken <- generateToken ver scTicketLifetime mgr <- getTokenManager conn token <- encryptToken mgr cryptoToken let ncid = NewConnectionID cidInfo 0 diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs index bb6fab2f..e0548861 100644 --- a/Network/QUIC/TLS.hs +++ b/Network/QUIC/TLS.hs @@ -94,6 +94,7 @@ serverHandshaker callbacks ServerConfig{..} ver getParams = , serverSupported = supported , serverDebug = debug , serverEarlyDataSize = if scUse0RTT then quicMaxEarlyDataSize else 0 + , serverTicketLifetime = scTicketLifetime } convTP = onTransportParametersCreated scHooks convExt = onTLSExtensionCreated scHooks From f1d096bae99bd990789275fa99f8a5ee50876695 Mon Sep 17 00:00:00 2001 From: Kazu Yamamoto Date: Tue, 13 Feb 2024 10:22:10 +0900 Subject: [PATCH 8/8] ver bumps up --- Network/QUIC/TLS.hs | 9 +-------- quic.cabal | 4 ++-- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/Network/QUIC/TLS.hs b/Network/QUIC/TLS.hs index e0548861..3f530bce 100644 --- a/Network/QUIC/TLS.hs +++ b/Network/QUIC/TLS.hs @@ -17,14 +17,7 @@ import Network.QUIC.Parameters import Network.QUIC.Types sessionManager :: SessionEstablish -> SessionManager -sessionManager establish = - SessionManager - { sessionEstablish = establish - , sessionResume = \_ -> return Nothing - , sessionResumeOnlyOnce = \_ -> return Nothing - , sessionInvalidate = \_ -> return () - , sessionUseTicket = False - } +sessionManager establish = noSessionManager{sessionEstablish = establish} clientHandshaker :: QUICCallbacks diff --git a/quic.cabal b/quic.cabal index c8a99ed4..fdcc3c5e 100644 --- a/quic.cabal +++ b/quic.cabal @@ -1,6 +1,6 @@ cabal-version: >=1.10 name: quic -version: 0.1.15 +version: 0.1.16 license: BSD3 license-file: LICENSE maintainer: kazu@iij.ad.jp @@ -181,7 +181,7 @@ executable server network-byte-order, quic, tls, - tls-session-manager, + tls-session-manager >= 0.0.5, unliftio if flag(devel)